Mission Context:
Axepta BNP Paribas is seeking an experienced and hands-on Chief Information Security Officer (CISO) to lead the cybersecurity and IT risk management efforts within our payment institution. The successful candidate will bring deep expertise in cybersecurity principles, risk management practices, and regulatory compliance to ensure the confidentiality, integrity, and availability of systems and sensitive customer data. This role involves direct responsibility for designing, implementing, and maintaining a comprehensive information security strategy. The CISO will work closely with both technical and non-technical teams across the organization and within the BNP Paribas Group.
Function Description:
The CISO will be part of the IT team at Axepta BNP Paribas and will report to the CIO.
Key Responsibilities:
Cybersecurity Strategy and Governance:
* Implement a cybersecurity vision and strategy based on organizational priorities, aligning with business objectives and ensuring senior stakeholder buy-in and mandate.
Define and establish a governance structure for cybersecurity within the first line of defense, consistent with BNP Paribas Group IT governance and principles.
* Collaborate with the CIO to create and manage a unified and flexible referential framework (policies, requirements, indicators, control plans, guidelines) to address the wide variety of evolving technologies, global laws, standards, and regulations.
IT Risk Management:
* Lead risk assessments and vulnerability management efforts to identify and mitigate risks to the company's IT systems and infrastructure.
* Provide recommendations to mitigate risks associated with new technology deployments and ensure regulatory compliance.
* Monitor progress of cybersecurity programs and IT risk remediation plans, providing status updates to the CIO and the 2nd Line of Defense.
* Monitor external security posture and provide security monitoring for critical third parties.
* Lead IT security risk activities in collaboration with ITRO and CRO, delivering a consolidated IT security risk dashboard to the Risk Committee.
* Oversee the closure of IT security audits and reviews, addressing internal and external recommendations.
* Coordinate responses to regulators’ inquiries on cybersecurity and IT security risk management.
Security Operations & Incident Response:
* Oversee the day-to-day operations of the information security program, ensuring continuous monitoring of systems, networks, and data.
* Provide expertise and support on cybersecurity, IT risk management, and connected topics, including asset inventories for information assets in cloud services and third parties.
* Support the BNPPF CISO team in coordinating responses to cyber incidents and crises, and ensure the implementation of incident response plans to recover business-critical services after a security event.
* Coordinate communication with authorities and regulators in the event of cyber incidents.
Cybersecurity Projects and Expertise Sharing (Focus on DORA):
* Lead the information security and third-party risk management streams in the DORA program.
* Provide expertise and support to departments (IT and business) during strategic project development, penetration testing, red teaming, and reviews of new business activities, alongside CIO and BNPPF CISO guidance on cybersecurity topics.
* Anticipate cybersecurity and IT risks linked to emerging technologies and advocate for technologies that can better protect the company, with support from the BNPPF CISO team.
* Ensure cybersecurity and IT risk management are embedded in project delivery processes by providing appropriate policies, practices, and guidelines.
* Collaborate with the procurement and supplier management teams to ensure information security and IT risk management requirements are included in master contracts.
Security Awareness and Training:
* Build internal networks within the company and BNP Paribas group, ensuring alignment across risk management, business executives, compliance, legal, and HR management teams.
* Engage with external peers to address common cybersecurity trends, findings, and IT risks.
* Manage a targeted cybersecurity and IT security risk management awareness and training program for all employees, contractors, and business executives.
Education:
* Background in Cybersecurity, Risk Management
Certifications:
* Relevant certifications (CISM, CISSP, NIS2, GDPR, ISO 27001 Lead Implementer)
Required Experience / Knowledge:
* Hands-On Technical Expertise: Strong technical background in network security, system administration, and hands-on experience with security tools and technologies (firewalls, IDS/IPS, SIEM, encryption, etc.). Experience with cloud security, SaaS products, and securing payment systems.
* Risk Management Experience: Proven experience in IT risk management, including conducting risk assessments, vulnerability management, and implementing risk mitigation strategies. Ideally, the candidate should have experience managing third-party risks.
* Regulatory Knowledge: Familiarity with payment industry regulations such as DORA, PCI-DSS, GDPR, and other relevant data protection and security standards.
* Strategic Oversight: Ability to reconcile the cybersecurity program with ongoing initiatives while ensuring alignment with the BNP Paribas Group.
* Leadership and Communication: Strong leadership skills and the ability to communicate complex security concepts to non-technical stakeholders, including executive leadership and the board. Proven stakeholder management, including facing regulators.
* Experience: A minimum of 5-7 years of experience in information security, with at least 3 years in a leadership role, preferably in a financial services environment.
Nice to Have:
* Familiarity with payment institutions and understanding of the unique security challenges in the financial services industry.
#J-18808-Ljbffr